Quoting Dmitry V. Levin (2016-03-07 01:16:36) > On Sun, Mar 06, 2016 at 05:31:15PM +0100, Gabriel Laskar wrote: > > So a good start would be to just decode the basic headers for these > > packets, only on recvmsg/sendmsg, and build from there in order to add > > more protocols for example.
So the steps would be, first, decode the headers, and after that, add some protocols (NETLINK_ROUTE, NETLINK_FIREWALL ...). > > After that we need also to be able to look at send/recv, but for that > > we need to be able to recognize the protocol before. There may be some > > work done on that point (retrieve the address family/type/protocol > > under a socket) but I am not sure about it. > > There is some protocol family decoding implemented for -yy option, e.g. > > $ strace -qq -yy -esocket ip a >/dev/null > socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = > 3<NETLINK:[1234567]> > > I suppose this implementation could be reused for netlink decoding > of syscalls that don't provide protocol family information. Yes, I think so. Thank you a lot for you answers, Cheers, -- Fabien Siron ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://makebettercode.com/inteldaal-eval _______________________________________________ Strace-devel mailing list Strace-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/strace-devel
